A compute server receives a request from a client device that triggers execution of a third-party code piece. The compute server is one of multiple compute servers that are part of a distributed cloud computing network. The request may be an HTTP request and directed to a zone. A single process at the compute server executes the third-party code piece in an isolated execution environment. The single process is also executing other third-party code pieces in other isolated execution environments respectively. A response is generated to the request based at least in part on the executed third-party code piece, and the generated response is transmitted to the client device.

The disclosure provides an approach for processing communications between connected data centers. Embodiments include receiving, at a first gateway of a first data center from a second gateway of a second data center, one or more policies associated with traffic attributes. Embodiments include programming priority routes between the first gateway and the second gateway over a virtual private network (VPN) tunnel based on the one or more policies, wherein each of the priority routes is associated with a traffic attribute of the traffic attributes. Embodiments include providing the one or more policies to a central controller of the first data center and programming, by the central controller, one or more tables associated with a centrally-managed virtual switch based on the one or more policies. Embodiments include updating a database associated with each of a plurality of hosts based on the programming of the one or more tables.

Example methods and systems to register and manage a plug-in in a virtualized computing environment have been disclosed. One example method includes initiating a deployment process to deploy a virtual appliance configured to host the plug-in, pushing information associated with a user interface on a management entity to the virtual appliance to be one or more Open Virtual Appliance (OVA) environment properties, powering on the virtual appliance and registering and managing the plug-in on the management entity through the UI.

An example method of establishing trust between a cross-cluster control plane (xCCP) and a cluster control plane (CCP) of an autonomous cluster of hosts in a virtualized computing system includes: providing, by the xCCP, trust data of the xCCP to a hypervisor of a host in the autonomous cluster that is executing the CCP; providing, by the hypervisor, the trust data to the CCP through a volume attached to a virtual machine (VM) that executes the CCP; persisting, by the CCP, the trust data in a database; and accessing, by a security token service (STS) of the CCP, the trust data in the database to authenticate access to the CCP by the xCCP.

Disclosed are various embodiments for various approaches for implementing trust domains to provide boundaries between PCIe devices connected to the same PCIe switch. A first trust identifier can be assigned to a first virtual machine hosted by the computing device. The first trust identifier can also be assigned to a first PCIe device assigned to the first virtual machine. Later, it can be determined that a second PCIe device connected to the PCIe switch is assigned a second trust identifier assigned to a second virtual machine. An Address Control Services (ACS) direct translated bit for peer-to-peer memory requests in the PCIe switch can be disabled in response to a determination that the second PCIe device is associated with the second trust identifier assigned to the second virtual machine.

The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Rapid launch of secure executables in a virtualized environment includes using a persisted security cache in a virtualized component (VC), such as a virtual machine. The VC generates a cache integrity value (IV), such as a hash value, for the security cache and sends it to a remote validator, which returns an indication of security cache validity or invalidity. Upon receiving a request to execute applications, the VC analyzes whether the applications have been determined to be safe to execute and have not been altered. The VC retrieves application IVs from the security cache, rather than hashing each of the applications, thereby saving compute time, and sends the application IVs to a remote validator, which returns an indication of application validity or invalidity.

A method, a device, and a non-transitory storage medium are described in which an elastic platform virtualization service is provided in relation to a virtual device. The elastic platform virtualization service includes logic that provides for the management of a virtualized device during its life cycle. The creation or reconfiguration of the virtualized device is based on a tertiary choice between using dedicated hardware and dedicated kernel; common hardware and common kernel; or a combination of the dedicated hardware, dedicated kernel, common hardware, and common kernel.

Techniques are provided for incrementally restoring a virtual machine hosted by a computing environment. In response to receiving an indication that the virtual machine is to be incrementally restored, a snapshot of the virtual machine may be created while the virtual machine is shut down into an off state. The snapshot is transmitted to a storage environment as a common snapshot. The snapshot and the common snapshot are common snapshots comprising a same representation of the virtual machine. The common snapshot and a prior snapshot of the virtual machine are evaluated to identify a data difference of the virtual machine between the common snapshot and the prior snapshot. An incremental restore is performed of the virtual machine by transmitting the data difference from the storage environment to the computing environment to restore the virtual machine to a state represented by the prior snapshot.

A “backup services container” comprises “backup toolkits,” which include scripts for accessing containerized applications plus enabling utilities/environments for executing the scripts. The backup services container is added to Kubernetes pods comprising containerized applications without changing other pod containers. For maximum value and advantage, the backup services container is “over-equipped” with toolkits. The backup services container selects and applies a suitable backup toolkit to a containerized application to ready it for a pending backup. Interoperability with a proprietary data storage management system provides features that are not possible with third-party backup systems. Some embodiments include one or more components of the proprietary data storage management within the illustrative backup services container. Some embodiments include one or more components of the proprietary data storage management system in a backup services pod configured in a Kubernetes node. All configurations and embodiments are suitable for cloud and/or non-cloud computing environments.